Re: [saag] [Trans] draft-iab-crypto-alg-agility-00
Ben Laurie <benl@google.com> Tue, 08 April 2014 14:21 UTC
From: Ben Laurie <benl@google.com>
To: "Salz, Rich" <rsalz@akamai.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/saag/EvTSCoLB7brluZx2fDgJWbidV2w
Cc: "trans@ietf.org" <trans@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] [Trans] draft-iab-crypto-alg-agility-00

On 8 April 2014 15:18, Salz, Rich <rsalz@akamai.com> wrote:
>> > I do not understand why metadata is more secure than the data itself.
>
>> It is created by a different authority.
>
> ? Is this in the part of the RFC that is still TBD?

The RFC describes how logs work and how clients work. It does not
describe how clients decide what logs they are prepared to accept. I
am not sure it should.

But whoever does also decides whether the algorithms in use by the
logs are acceptable and tells the client what those algorithms are
(along with other things, like the log's key, base URL and MMD).

-- 
Certificate Transparency is hiring! Let me know if you're interested.
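
Added example, not part of the original message or of any CT implementation: a client-side gate that accepts an RFC 6962 v1 SCT for signature verification only if its log ID and its in-band algorithm bytes match the metadata (key, algorithms, base URL, MMD) supplied out of band by whoever chooses the client's logs. The metadata shape, function names and sample values are assumptions constructed for illustration; the signature check itself is left to a crypto library.

```python
import hashlib
import struct

# TLS 1.2 SignatureAndHashAlgorithm code points carried in RFC 6962 SCTs.
HASH_SHA256, SIG_RSA, SIG_ECDSA = 4, 1, 3

def log_entry(pubkey_der, alg, base_url, mmd):
    # Hypothetical shape for the metadata the log-list authority ships.
    return {"key": pubkey_der, "alg": alg, "base_url": base_url, "mmd": mmd}

def parse_sct(sct):
    """Split a v1 SCT into fields; ValueError on bad framing."""
    if len(sct) < 47:  # version + log id + timestamp + ext len + algs + sig len
        raise ValueError("truncated SCT")
    version, log_id, ts, ext_len = struct.unpack_from(">B32sQH", sct, 0)
    off = 43 + ext_len
    if len(sct) < off + 4:
        raise ValueError("truncated SCT")
    hash_alg, sig_alg, sig_len = struct.unpack_from(">BBH", sct, off)
    if len(sct) != off + 4 + sig_len:
        raise ValueError("bad signature length")
    return {"version": version, "log_id": log_id, "timestamp": ts,
            "alg": (hash_alg, sig_alg), "signature": sct[off + 4:]}

def gate_sct(sct, trusted_logs):
    """Decide whether an SCT may proceed to signature verification."""
    try:
        f = parse_sct(sct)
    except ValueError as e:
        return (False, str(e))
    if f["version"] != 0:
        return (False, "unsupported version")
    log = trusted_logs.get(f["log_id"])
    if log is None:
        return (False, "unknown log")
    # The in-band algorithm bytes are compared to the metadata, never trusted alone.
    if f["alg"] != log["alg"]:
        return (False, "algorithm not the one pinned for this log")
    return (True, "ok")

def build_sct(log_id, alg, sig=b"\x00" * 8):
    # Constructed test input: placeholder signature bytes, no extensions.
    return (struct.pack(">B32sQH", 0, log_id, 1396966888000, 0)
            + struct.pack(">BBH", alg[0], alg[1], len(sig)) + sig)

# Constructed sample data (not a real log); the log ID is SHA-256 of the key.
KEY_A = b"constructed-log-key-A"
ID_A = hashlib.sha256(KEY_A).digest()
TRUSTED = {ID_A: log_entry(KEY_A, (HASH_SHA256, SIG_ECDSA),
                           "https://log-a.example/", 86400)}
```
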